According to recent news, the popular Yoast SEO WordPress plugin has a major vulnerability that makes a website susceptible to blind SQL injection. This is a very popular plugin that is used by over 14 million websites. Reportedly, all versions of SEO by Yoast prior to 1.7.3.3 are vulnerable to a blind SQL injection web application flaw. This is alarming news for those who use this plugin, because it could seriously compromise the data on their website.
According to Mohit Kumar of Hacker News:
“Basically, in an SQLi attack, an attacker inserts a malformed SQL query into an application via client-side input. However, in this scenario, an outside hacker can’t trigger this vulnerability themselves because the flaw actually resides in the ‘admin/class-bulk-editor-list-table.php’ file, which is authorized to be accessed by WordPress Admin, Editor or Author privileged users only.
Therefore, in order to successfully exploit this vulnerability, it is required to trigger the exploit from authorized users only. This can be achieved with the help of social engineering, where an attacker can trick an authorized user into clicking on a specially crafted payload exploitable URL.”
So in other words, WordPress admins can be tricked into clicking on
links that would then trigger an SQLi attack. After the attack, the
attacker could then add their own admin account to the vulnerable
WordPress site and do whatever they want with it.
Not everyone who has SEO by Yoast installed is automatically affected by this. The attack can only be triggered when a WordPress admin, editor, or author clicks on a dangerous link created by the attacker.
In addition, this is something that can easily be fixed by updating your plugin to the latest version. The Yoast team promptly patched the vulnerability upon being notified, and the newest version (1.7.4) is said to fix the problem. The Premium version of the plugin has also been updated. The changelog entry reads:
Security fix: fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor. Added strict sanitation to order_by and order params. Added extra nonce checks on requests sending additional parameters. Minimal capability needed to access the bulk editor is now Editor. Thanks Ryan Dewhurst from WPScan for discovering and responsibly disclosing this issue.
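To make the changelog entry concrete, here is an added illustration, constructed for this post and not code from the Yoast plugin, of the two defects the fix describes: a list-table query whose ORDER BY is assembled from raw request parameters, beside the same handler hardened with a strict allowlist for the order_by and order params, a nonce check, and an Editor-level capability check. The yst_example_* function names and the column list are hypothetical.

```php
<?php
// Constructed example for this post; not the Yoast plugin's own code.
// All yst_example_* names are hypothetical.

// Before the fix: ORDER BY built from raw request input. $wpdb->prepare()
// cannot parameterise identifiers such as column names, so concatenating
// them here turns a crafted link opened by a privileged user into SQLi.
function yst_example_vulnerable_query( $wpdb ) {
    $orderby = $_GET['order_by'];
    $order   = $_GET['order'];
    return "SELECT ID, post_title FROM {$wpdb->posts} "
         . "WHERE post_type = 'post' ORDER BY {$orderby} {$order}";
}

// After the fix: strict allowlist for both parameters. Returns a safe
// "column ASC|DESC" fragment, or null for any value not on the list.
function yst_example_sanitize_orderby( $orderby, $order ) {
    $allowed_columns = array( 'post_title', 'post_date', 'post_modified', 'ID' );
    $allowed_orders  = array( 'ASC', 'DESC' );
    $order = strtoupper( (string) $order );
    if ( ! in_array( $orderby, $allowed_columns, true ) ) { return null; }
    if ( ! in_array( $order, $allowed_orders, true ) ) { return null; }
    return $orderby . ' ' . $order;
}

function yst_example_hardened_query( $wpdb ) {
    // 1. Capability: 'edit_others_posts' is held by Editors and above but
    //    not by Authors, matching "minimal capability ... is now Editor".
    if ( ! current_user_can( 'edit_others_posts' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // 2. Nonce: the request must carry a token WordPress issued for this
    //    action, which is what defeats the crafted-URL (CSRF) delivery.
    check_admin_referer( 'yst_example_bulk_editor' );
    // 3. ORDER BY only ever comes from the allowlist; anything else falls
    //    back to a fixed default instead of reaching the query.
    $sort = yst_example_sanitize_orderby(
        isset( $_GET['order_by'] ) ? $_GET['order_by'] : '',
        isset( $_GET['order'] ) ? $_GET['order'] : ''
    );
    if ( null === $sort ) {
        $sort = 'post_date DESC';
    }
    return "SELECT ID, post_title FROM {$wpdb->posts} "
         . "WHERE post_type = 'post' ORDER BY {$sort}";
}
```

The nonce and capability checks are what remove the social-engineering path described above: even a logged-in Editor who opens an attacker's link does not carry a valid nonce for the bulk editor action, so the request is rejected before any query runs.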
In the future, you can have plugin updates taken care of automatically
by going to the Manage > Plugins & Themes > Auto Updates tab.
It is strongly recommended that you update all SEO and security plugins
on your websites as soon as possible.
Stay safe!